CVE-2012-0797: Moodle Users Can Bypass Deleted Status
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
- moodle.org/mod/forum/discuss.php?d=194016
- bugzilla.redhat.com/show_bug.cgi?id=783532
- github.com/advisories/GHSA-72gv-qqrp-h9qg
- github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea
- github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7
- github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff
- github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e
- nvd.nist.gov/vuln/detail/CVE-2012-0797